NewtOnICT is about new things on ICT business and government policy.
It also refers to a newt (one of my favorite animals, not to be confused with a nerd) and to Isaac Newton, the man who proved God to be unnecessary.

zondag 11 december 2011

On Privacy, Data Protection and Anonymity

The value of internet for the
emancipation of peoples has reached a high water mark in 2011.
Uprisings in North Africa have shown its value for the rest of
Africa, the Middle and Far East. I was honoured by several
invitations to join think tank discussions on enhancing and also
appreciating the value that internet has. It brought me to
considerations on the protection of people's privacy on-line. Privacy or anonymity?

Privacy

Privacy is a rather undefinable
subject. How people look onto privacy depends very much on their
culture and background. It does have a legal context in the US for
example. Sometimes, the US concept of 'the right to be let alone' is
stated as the start of the legal concept but there are many, older
starts as well, amongst others in British law. Its complexity makes
it hard to handle.

In general talk, people consider
privacy as having the right to keep information about themselves out
of reach or view from others. This includes life and limb but also
property and facts. Even though others may know these people, these
acquaintances should ask permission to gather information.

Personal Data Protection

So privacy is not the same as personal
data protection. The Data Protection Acts that have been introduced
in Europe and elsewhere restrict their legal district to ICT systems.
These acts are often called Privacy Law but in fact they are not.
This data protection concept is only about the collection (and any
other processing) of personal data – it is “informational
privacy” and thus a subset of privacy in general. Data however
becomes only “information” once it is being used by the human
mind: meaningful data. It describes facts about an identifiable
individual. Only it that case do we speak of “personal” data.

People fighting for liberty and
democracy in their home countries, who were participating at the
above events, run severe risks from brutality, incarceration to death
penalty. Many of them use modern internet-based technology to spread
the word, discuss issues and organise their own events. Even so, as
Ahmed Maher (April 6 Movement, Egypt) said to me, “internet is only
a tool, handy but without it the revolution will have its way
anyway”. Still, internet is used intensively and helps to speed the
process. But not without its own dangers.

Governmental malware

Governments can have their own way with
internet. Not only is access to internet services blocked or
filtered. IP addresses will show the regimes in dictator-run
countries the whereabouts of bloggers and writers. Email can be read,
copied and traced back to its origin. A privacy law or data
protection act will not help.

Even here in Europe we see the danger
by the discovery of the Bundestrojaner, key-logger and
communication spyware devised by the German Secret Service, against
the formal decision of the Bundesverfassungsgericht (Federal
Constitutional Court of Germany). The Bundestrojaner shows
that even encryption of email may not be enough: it copies your text
while it is written, before encryption. (If it wasn't so shocking, it could be an exciting Discovery
Channel feature film).

Anonymity

A certain amount of governmental
distrust seems in place all over, reason to ask Eric Schmidt
(Google), co-host at the Freedom Online conference, whether we should
forego privacy and whether we should not aim for privacy on the
internet but for anonymity, to support and safeguard the democracy bloggers,
writers and organisers. Unfortunately his answer was not what I
had hoped for: “Google makes it possible to work anonymously with
our services (and servers). We only collect your IP address”. Yes,
thank you, that is the whole point.

What's the difference, you ask? Well,
privacy (here understood as personal data protection) means that
information about you and your whereabouts can (and will) be
collected and stored. And it can and will be used against you, either
in your public life or in a court of law. You can create laws as much
as you like, but even the country that shouts 'freedom' the hardest,
the US, collects data about you and you have no way or legal status
to protect yourself if you're not a US citizen. Privacy is guarding against the use of your data after or during the collection.

Anonymity on the other hand makes it
possible to collect all your data but impossible to trace it back to
you. Here you do not need laws; you need knowledge, awareness and
some technology. It is just possible. But you do need help from
companies like Facebook, Twitter, Google, Microsoft, Yahoo and the
like. And your government should support and promote the use of
anonymous technology.

Governments hate this. I remember that
back in the old days anon.penet.fi was taken down: a server that
anonymised the exchange of information between any two system. This
Finnish server, run by Julf Helsingius, was shut down. Several governments were said to be involved. Freedom, what?

3 opmerkingen:

Mr. Schmidt has a point: because without an IP address offering services is impossible. But are anonymous proxies the solution? I guess personalization of devices is much more threatening for privacy. Check https://panopticlick.eff.org for more on untraceability of anonymous data ...

Offering services doesn't mean collecting personal identifiers for months and years without end. Providing services with authentication but without identification must be the provider's problem, not the customer's.